Threat Intelligence
8/29/2016
04:00 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DoD Taps DEF CON Hacker Traits For Cybersecurity Training Program

Famed capture-the-packet contest technology will become part of DoD training as well.

The Defense Department for the second year in a row sent one of its top directors to DEF CON in Las Vegas this month, but it wasn’t for recruiting purposes.

So what was Frank DiGiovanni, director of force training in DoD’s Office of the Assistant Secretary of Defense for Readiness, doing at DEF CON? “My purpose was to really learn from people who come to DEF CON … Who are they? How do I understand who they are? What motivates them? What sort of attributes” are valuable to the field, the former Air Force officer and pilot who heads overall training policy for the military, says.

DiGiovanni interviewed more than 20 different security industry experts and executives during DEF CON. His main question:  “If you’re going to hire someone to either replace you or eventually be your next cyber Jedi, what are you looking for?”

The DEF CON research is part of DiGiovanni’s mission to develop a state-of-the-art cyber training program that ultimately helps staff the military as well as private industry with the best possible cybersecurity experts and to fill the infamous cybersecurity skills gap today. The program likely will employ a sort of ROTC-style model where DoD trains the students and they then owe the military a certain number of years of employment.

With the help of DEF CON founder Jeff Moss, DiGiovanni over the the past year has met and then picked the brains of, seasoned hackers and the people who hire them about the types of skills, characteristics, and know-how needed for defending organizations from today’s attackers.

DiGiovanni, who is also responsible for helping shape retention and recruitment policy efforts in the DoD, has chatted with CEOs of firms that conduct penetration testing, as well as pen testers and other security experts themselves, to get a clearer picture of the types of skills DoD should be teaching, testing, and encouraging, for future cybersecurity warriors and civilians.

This is the second phase of the development of a prototype cyber training course he spearheads for DoD at Fort McNair: the intensive six-month prototype program currently consists of 30 students from all branches of the military as well as from the US Department of Homeland Security. It’s all about training a new generation of cybersecurity experts.

The big takeaway from DiGiovanni’s DEF CON research: STEM, aka science, technology, engineering, and mathematics, was not one of the top skills organizations look for in their cyber-Jedis. “Almost no one talked about technical capabilities or technical chops,” he says. “That was the biggest revelation for me.”

DiGiovanni compiled a list of attributes for the cyber-Jedi archetype based on his interviews. The ultimate hacker/security expert, he found, has skillsets such as creativity and curiosity, resourcefulness, persistence, and teamwork, for example.

A training exercise spinoff of DEF CON’s famed capture-the-packet (CTP) contest also will become part of the DoD training program. DiGiovanni recruited DEF CON CTP and Wall of Sheep mastermind Brian Markus to repurpose his capture-the-packet technology as a training exercise module. “In October, he will submit to the government a repackaged capture-the-packet training capability for DoD, which is huge,” DiGiovanni says. Also on tap is a capture-the-flag competition, DoD-style, he says.

One of the security experts DiGiovanni met with at DEF CON this year was Patrick Upatham, global director of advanced cybersecurity at Digital Guardian. “I was a little apprehensive at first,” Upatham says. “After learning what they are doing and the approach that they are taking, it totally made sense.”

“He [Frank] is looking for a completely different mindset and background, and [to] then train that person with the technical detail” to do the job, Upatham says. “They are looking for folks who are more resourceful and persistent, and creative in their mindset.”

DoD’s training program is about being more proactive in building out its cybersecurity workforce. That’s how it has to work now, given that more than 200,000 cybersecurity jobs were left unfilled last year overall. DoD’s Cyber Mission Force is calling for some 6,200 positions to be filled.

The goal is to train that workforce in both offensive and defensive security skills. That means drilling down on the appropriate problem-based learning, for example. The current prototype training program doesn’t require a four-year degree, and it’s more of a “journeyman apprentice” learning model, DiGiovanni says.

About 80% or so is hands-on keyboard training, he says, with the rest is lecture-based. “A lot of the lectures are by the students themselves, with a learn-by-teaching model,” he says.

From 'Cable Dog' To Hax0r

DiGiovanni gave an example of one student in the DoD training program who came in knowing nothing about security. The young man was a self-professed  “cable dog” at Fort Meade, a reference to his job of pulling cable through pipes. But when he finished the six-month DoD course, he was reverse-engineering malware.

“When he came to the course, he didn’t know what a ‘right-click’” of a mouse was, nor did he have any software technology experience, DiGiovanni recalls. “To me, that’s a heck of a success story.”

The next step is determining how to scale the DoD training program so that it can attract and train enough cyber warriors for the future. The goal is to hand off the training program to a partner organization to run it and carry it forward, possibly as early as this fall, he says.

Meantime, DiGiovanni says the DEF CON hacker community is a key resource and potential partner. “The security of our nation is at stake. I think it’s imperative for DoD to embrace the DEF CON community because of the unique skill they bring to the table,” he says. “They want to serve and contribute, and the nation needs them.”

Related Content:

 

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
BarryRGreene
50%
50%
BarryRGreene,
User Rank: Apprentice
8/30/2016 | 9:25:20 AM
The irony is that DoD use to do these "capture the packet" exercises .....
Back in 1994 I trained my operations team with a red team/blue team "capture the packet" type exercise. It was derived from the experience with DoD "Rainbow Book" training exercises. 

Over two decades later, US DoD is hiring someone else to remind them about a training tool they created. 

Now if we could only interest other large organizations. 

 
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.